Updated to 1.1.6
This commit is contained in:
Nikos Mavrogiannopoulos
parent
17e5b407a3
commit
6f808d4213
2
.gitignore
vendored
2
.gitignore
vendored
@ -235,3 +235,5 @@
|
||||
/ocserv-1.1.3.tar.xz.sig
|
||||
/ocserv-1.1.4.tar.xz
|
||||
/ocserv-1.1.4.tar.xz.sig
|
||||
/ocserv-1.1.6.tar.xz.sig
|
||||
/ocserv-1.1.6.tar.xz
|
||||
|
||||
12
futex.patch
12
futex.patch
@ -1,12 +0,0 @@
|
||||
diff --git a/src/worker-privs.c b/src/worker-privs.c
|
||||
index ae0b375d..0b285113 100644
|
||||
--- a/src/worker-privs.c
|
||||
+++ b/src/worker-privs.c
|
||||
@@ -128,6 +128,7 @@ int disable_system_calls(struct worker_st *ws)
|
||||
ADD_SYSCALL(getrusage, 0);
|
||||
ADD_SYSCALL(alarm, 0);
|
||||
ADD_SYSCALL(getpid, 0);
|
||||
+ ADD_SYSCALL(futex, 0);
|
||||
|
||||
/* memory allocation - both are used by different platforms */
|
||||
ADD_SYSCALL(brk, 0);
|
||||
@ -1,16 +0,0 @@
|
||||
diff --git a/src/sec-mod.c b/src/sec-mod.c
|
||||
index 03f78276..6492b68a 100644
|
||||
--- a/src/sec-mod.c
|
||||
+++ b/src/sec-mod.c
|
||||
@@ -834,7 +834,10 @@ static int load_keys(sec_mod_st *sec, unsigned force)
|
||||
gnutls_privkey_import_x509_raw(p, &data,
|
||||
GNUTLS_X509_FMT_PEM,
|
||||
NULL, 0);
|
||||
- if (ret == GNUTLS_E_DECRYPTION_FAILED && vhost->pins.pin[0]) {
|
||||
+ /* GnuTLS 3.7.3 introduces a backwards incompatible change and
|
||||
+ * GNUTLS_E_PKCS11_PIN_ERROR is returned when an encrypted
|
||||
+ * file is loaded https://gitlab.com/gnutls/gnutls/-/issues/1321 */
|
||||
+ if ((ret == GNUTLS_E_DECRYPTION_FAILED || ret == GNUTLS_E_PKCS11_PIN_ERROR) && vhost->pins.pin[0]) {
|
||||
ret =
|
||||
gnutls_privkey_import_x509_raw(p, &data,
|
||||
GNUTLS_X509_FMT_PEM,
|
||||
@ -1,5 +1,5 @@
|
||||
Version: 1.1.4
|
||||
Release: 3%{?dist}
|
||||
Version: 1.1.6
|
||||
Release: 1%{?dist}
|
||||
%global _hardened_build 1
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 7
|
||||
@ -38,8 +38,6 @@ Source8: ocserv-genkey
|
||||
Source9: ocserv-script
|
||||
Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
|
||||
Source11: ocserv.init
|
||||
Patch1: futex.patch
|
||||
Patch2: gnutls-3.7.3.patch
|
||||
|
||||
# Taken from upstream:
|
||||
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
|
||||
@ -274,6 +272,9 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 17 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.6-1
|
||||
- Updated to 1.1.6
|
||||
|
||||
* Thu Feb 10 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.4-3
|
||||
- Update seccomp rules to allow the futex syscall
|
||||
- Workaround incompatible API change in GnuTLS 3.7.3.
|
||||
|
||||
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (ocserv-1.1.4.tar.xz) = bbdbf8d4fbe0c2aa3cf03e2b049d42a73918cc0863fa3ad0db79905e7855c7cb875e46c1d817e8c9eb19632bb0ee8a097f45c168046d9442901b56a5fd2a69a8
|
||||
SHA512 (ocserv-1.1.4.tar.xz.sig) = 1ca7a2fdd56dc7e628f4331c77b9859c9867af3eeef058357b3c197106a93052b099c278bef495f622a00ce5527f69b3762e9f57001cf6ba9f7b3b219a3e1a0d
|
||||
SHA512 (ocserv-1.1.6.tar.xz.sig) = 2a87768ad63d40053732fa011bbeb3532c9673296b9be299bf8f7d8dd3dd35571eee96c0b4fa9bf5a30633b4c844337ab3d562d6ea2b6ad8efca084eb5e6f502
|
||||
SHA512 (ocserv-1.1.6.tar.xz) = d1c5e5cf0e84aab168ed51516534df8b2968194dd1421f33563c61b3e47d5d79ebe9e6ffbf7cbcc9ff1242fae05151024f70ef586d063bec0b3eec00050bfdfa
|
||||
|
||||
Loading…
Reference in New Issue
Block a user